This patch updates implicitlyStyledElementShouldBeRemovedWhenApplyingStyle to return true
(triggering removal of tag) only if the style implicitly added by the element is not present in
the new style to apply. It also changes surroundNodeRangeWithElement so that it merges the
surrounding element when possible. applyTextDecorationStyle is modified so that it does not add
style span when the style attribute is empty.

Test: editing/execCommand/toggle-style-3.html

editing/ApplyStyleCommand.cpp:

(WebCore::ApplyStyleCommand::shouldRemoveTextDecorationTag): Returns true if specified text
decoration is not present in the style to apply
(WebCore::ApplyStyleCommand::implicitlyStyledElementShouldBeRemovedWhenApplyingStyle): No longer
returns true if the tag is used in new style
(WebCore::ApplyStyleCommand::applyTextDecorationStyle): Does not add style-span when redundant
(WebCore::ApplyStyleCommand::surroundNodeRangeWithElement): Merges the newly created element
with the surrounding identical elements

editing/ApplyStyleCommand.h:

LayoutTests:

This patch adds test to make sure to preserve presentational tag
(u, s, strike, i, em, sup, sub, b, & strong) when the corresponding style is present in
the final computed style. i.e. avoid removing tag and re-applying the style later

editing/execCommand/19653-2-expected.txt: Two b elements are merged.

editing/execCommand/createLink-expected.txt: Two anchor elements are merged.

HistoryController is in charge of managing the current / previous /
provisional HistoryItems. The split isn't perfect, but it's a place to
start. I'll move HistoryController into its own file in another patch.

WebKit/mac: <rdar://problem/7290671> Crash after navigating away from a page with subframe containing plug-in

Reviewed by Brady Eidson.

At the time that -stop is called on a WebBaseNetscapePluginView that is contained within a subframe
the WebFrame's data source has been zeroed out. This was causing -[WebBaseNetscapePluginView webFrame]
to return nil during -stop, preventing the plug-in view from unregistering itself from the PluginHalter.
We fix this by having -webFrame retrieve the frame directly rather than retrieving it from the data source.

Plugins/WebBaseNetscapePluginView.mm:

(-[WebBaseNetscapePluginView dataSource]): Get the data source from the WebFrame.
(-[WebBaseNetscapePluginView webFrame]): Get the Frame directly from the element's document rather
than taking a windy route through the WebDataSource.

WebKitTools: Enable plug-in halting in DumpRenderTree.

We drop the plug-in halting delay to 1 second and opt in the delegate method to never halt plug-ins.
This is sufficient to ensure that the crash covered by <rdar://problem/7290671> no longer occurs.

platform/network/CredentialStorage.cpp:
(WebCore::pathToDefaultProtectionSpaceMap): Changed the data structure to a simpler one.
(WebCore::originsWithCredentials): The reason for two-stage lookup above was that we didn't
want to iterate paths for origins that never had credentials associated with them. Changed
to use a separate HashSet for this.
(WebCore::pathToDefaultProtectionSpaceMap): The concept of default per-path credentials didn't
match the spec very well. UAs are supposed to deduce protection space from an URL, and then
use whichever credentials are known for this protection space. So, OriginToDefaultBasicCredentialMap
is now PathToDefaultProtectionSpaceMap.
(WebCore::protectionSpaceMapKeyFromURL): Factored out a helper that extracts a directory
URL from a given URL. These directory URLs are what we use as keys in PathToDefaultProtectionSpaceMap.
(WebCore::CredentialStorage::set): Updated for above changes.
(WebCore::findDefaultProtectionSpaceForURL): Factored out code iterating path length to find
a prefix in OriginToDefaultBasicCredentialMap.
(WebCore::CredentialStorage::set): Another version of set() can update credentials for a
URL default protection space. It does nothing if the given URL doesn't correspond to a known
protection space.
(WebCore::CredentialStorage::get): Renamed from getDefaultAuthenticationCredential.

platform/network/CredentialStorage.h: Made the distinction between methods that use a known
protection space and those that deduce one from URL more clear.

platform/network/mac/ResourceHandleMac.mm:
(WebCore::ResourceHandle::start): Update credentials before starting the request for real.
This makes the following pattern work:
var req = new XMLHttpRequest("GET", "logout.html", "logout", "logout"); wrong credentials
req.send("");
req.abort();
Abort() is used here to avoid having UA present an auth dialog after getting a 401 response.
Note that one cannot log in using the same method, because there isn't a known protection
space for the URL yet in that case, so the added code has no effect.
(WebCore::ResourceHandle::didReceiveAuthenticationChallenge): Use a correct persistence for
calling receivedCredential(). This fixes logging in using an async XHR (withut abort(), of
course), and matches sync case.
(+[WebCoreSynchronousLoader loadRequest:allowStoredCredentials:returningResponse:error:]):
Renamed getDefaultAuthenticationCredential() to get().

platform/network/cf/ResourceHandleCFNet.cpp:
(WebCore::ResourceHandle::start):
(WebCore::WebCoreSynchronousLoader::load):
Same changes as in Mac code.

Optimized StringImpl methods lower(), stripWhiteSpace() and simplifyWhiteSpace() to
detect no-ops and return this instead of creating a new instance.
Empirical testing shows that the majority of calls to these methods are no-ops, making
this worthwhile even if (in the case of lower()) the non-no-op case is slightly slowed.
Upper() is very rarely a no-op, so it wasn't worthwhile to optimize it.

Removed the async buffer queue from the sink. Synchronize the
render method of the sink using a g_timeout_add() combined with a
gcond triggered when the buffer has been rendered.
Also fixed the video sink reference handling in the player, now
that the idle is not there anymore to mess up things.

a Structure's prototype the direct responsility of the object using it.
(Giving Structure a mark function was misleading because it implied that
all live structures get marked during GC, when they don't.)

runtime/JSGlobalObject.cpp:

(JSC::markIfNeeded):
(JSC::JSGlobalObject::markChildren): Added code to mark prototypes stored
on the global object. Maybe this wasn't necessary, but now we don't have
to wonder.

(JSC::Structure::setEnumerationCache):
(JSC::Structure::enumerationCache): Moved property name gathering code
from Structure to JSObject because having a Structure iterate its JSObject
was a layering violation. A JSObject is implemented using a Structure; not
the other way around.

Sets Qt::WA_InputMethodEnabled and Qt::ImhHiddenText for password fields in EditorClientQt
setInputMethodState. This change is needed so widgets such as the s60 software
input panel can receive input method events for password fields.
It's up to the Qt platform to determine which widget will receive input method
events when these flags are set.
Also added implementation for setInputMethodEnabled and setInputMethodHint
to QGraphicsWebViewPrivate and QWebViewPrivate. This change removes the direct
dependency on QWebView and uses QWebPageClient.
Added autotest to tst_qwebpage.cpp

Implement beforeload for images. ImageLoadEventSender has been refactored into a more generic
ImageEventSender that can be used by both load and beforeload events. If the document has any
beforeload listeners, then the installation of images onto the renderer becomes asynchronous
and will be held up until the beforeload event can fire at a later date.

Reviewed by Adam Roben.

Both beforeload and load events now fire at the end of the tokenizer write() methods, so that
in the typical parsing case we don't have to put off the beforeload/load events until after
a layout or paint might already have happened. This lets beforeload/load not cause extra
layouts and repaints.

The Windows DRT equivalent of DoDragDrop (i.e. UIDelegate::doDragDrop) does not return
the OLE drag-and-drop return value like the function it emulates. Currently,
UIDelegate::doDragDrop returns a hard-coded S_OK. Hence, the caller cannot determine
whether the drag-and-drop operation was successful or was cancelled.

This patch fixes this issue by having UIDelegate::doDragDrop return the OLE drag-and-drop
return value according to whether the drop operation was successful or not.

a Structure's prototype the direct responsility of the object using it.
(Giving Structure a mark function was misleading because it implied that
all live structures get marked during GC, when they don't.)

runtime/JSGlobalObject.cpp:

(JSC::markIfNeeded):
(JSC::JSGlobalObject::markChildren): Added code to mark prototypes stored
on the global object. Maybe this wasn't necessary, but now we don't have
to wonder.

(JSC::Structure::setEnumerationCache):
(JSC::Structure::enumerationCache): Moved property name gathering code
from Structure to JSObject because having a Structure iterate its JSObject
was a layering violation. A JSObject is implemented using a Structure; not
the other way around.

Make AtomicString create its StringImpl via create(), not the constructor,
so it gets allocated in a single heap block, saving memory and CPU cycles.
This eliminates two StringImpl constructors, making the remaining ones
unambiguous, so the "AdoptBuffer" parameter is no longer needed.
Added const attribute to UChar* in StringImpl constructor, eliminating the
need for several const_casts in calls to it.
StringImpl also unfriends AtomicString (OMG drama!!!)​https://bugs.webkit.org/show_bug.cgi?id=30141

r49278 added support for reusing isolated worlds, and the
corresponding change to Chromium's LayoutTestController changed
to expect two arguments. The first argument is the world that
the script should run in.

This change fixes the tests by updating them all to pass 0
for the world id. The specific world id used for these tests
doesn't really matter because they don't test world interaction.

This patch also devirtualizes viewBoxToViewTransform(), is it's superflous.
viewBoxToViewTransform() is now a simple static heper function in SVGFitToViewBox.
As a result, the SVGSVGElement::viewBoxToViewTransform() function now resuses the same logic.

As side-effect this patch fixes svg/custom/linking-a-03-b-transform.svg, the return
statement in SVGSVGElement::viewBoxToViewTransform() was clearly wrong.

IWebViewPrivate::inspectorPrivate has been removed. Callers should
instead use IWebViewPrivate::inspector and then use QueryInterface to
get the IWebInspectorPrivate interface. This matches how our other COM
classes work.

The reason for the XSync was that the plugin would not know about the
Drawable. It turns out that the real reason behind this is that even
though XCreatePixmap returns a handle, this id is unknown to the server
until we flush the connection.

Two places in tst_QWebPage::testOptionalJSObjects were marked as
expected to fail. The problem concern checking if a feature is enabled
or disabled. According to discussion on webkit dev mailing list
a disabled feature should be invisible from java script level, but
there are exceptions from the rule. So we decided to disable the test
for now.

This patch separates PolicyChecker from FrameLoader. Loader policy is
in change of managing the FrameLoaderClient callbacks. Ideally, it
shouldn't know anything about FrameLoader, but I couldn't quite remove
all knowledge (although we might be able to do more later). In a
future patch, I'll move PolicyChecker into a separate file.

Changed callback objects to use a standard helper object. The helper
object ASSERTs that it is deleted on the main thread, so no lock is
required when unprotecting its members. It also centralizes some previously
duplicated code.

Callback objects that might be deleted on a secondary thread use
callOnMainThread to delete their helper objects on the main thread.

Add support for controlling lifetime of a world, rather than relying on GC.
(WebCore::V8IsolatedWorld::contextWeakReferenceCallback): Ditto.
(WebCore::V8IsolatedWorld::V8IsolatedWorld): Ditto.
(WebCore::V8IsolatedWorld::destroy): Ditto.

(WebCore::StringImpl::createWithTerminatingNullCharacter): Make sure copy is created

in a single malloc block.

(WebCore::StringImpl::threadsafeCopy): Make sure copy is created in a single malloc block.
(WebCore::StringImpl::crossThreadString): Make sure copy is created in a single malloc block.
(WebCore::StringImpl::sharedBuffer): Change to is-buffer-internal check.

platform/text/StringImpl.h:
(WebCore::StringImpl::startsWith): Just fixed a confusing param name.
(WebCore::StringImpl::bufferIsInternal): Changed member var into accessor method.
(WebCore::StringImpl::m_data): Repositioned for optimal member packing in 64-bit.
(WebCore::StringImpl::m_buffer): Added to provide an explicit location for where internal buffer goes.

Fixes an issue (in the Windows build) where the cursor does not change to the
not-allowed cursor when the drag-and-drop operation is not allowed.

The allowed effects in WebDragClient::startDrag are hard-coded to be
DROPEFFECT_COPY | DROPEFFECT_LINK | DROPEFFECT_MOVE. Instead, the list of
allowed drop effects should be determined by the allowed operations of the
drag source.

We cannot test this using DRT because DRT looks at the programmatic drop
cursor and until bug #24731 is fixed this value is hard-coded to DragOperationCopy.
That is, there is a discrepancy in the Windows build between the Windows API-based
drop effect and the WebKit drop effect. Because DRT cannot read the screen buffer
to determine the cursor, a manual test is needed.

Unreviewed. Remove some folks from committers.py who were listed on
the WebKit Team wiki page but who weren't actually listed as commit+.
At some point, we should coorelate this list with the committers
mailing list.

This function implements showing cookies for all sub-resources of a page.
When the page is loaded, it populates the Storage Panel with a list of all
domains that were loaded as part of the full page load (iframes, ads, etc).
When the user selects one of the domains, the inspector calls back into the
controller, and the controller combines all of the cookies from that domain
into a list, and sends that list is sent back to the controller to render.

A domain now needs to be passed into CookieItemsView, and CookieSidebarTreeElement.

As a result of a previous patch, we now have detailed cookie information for
both Windows on CFNetwork and Mac. Additionally, this patch provides deleteCookie
support on Windows.

Clear previous preedit or pending composition before storing new ones.
This can happen when a WebView receives a native keydown event without
a matching keyup event or when preventDefault() is called on DOM keydown
events.

We cannot support content propagation for items in QGraphicsView because
the contents of the backing store might be transformed. So turn it off
if we are not painting on QWidget.

Note that this check will not work for a QWebView in a
QGraphicsProxyWidget, but I guess it's fine. Alternative is to do an
even uglier cast: static_cast painter's paintDevice() to QWidget and
check if it is the viewport() of QGraphicsView.

jit/JITStubs.cpp:
Mark cti_vm_throw symbol as PLT-indirect symbol, so it doesn't end up
in text segment causing relocation errors on amd64 architecture.
Introduced new define SYMBOL_STRING_RELOCATION for such symbols.

Fix for <rdar://problem/7271202>
Dispatch resource load delegate functions for the media element.
Since we don't get the required callbacks from the media engine,
just fake the parameters to the delegate functions as best as possible.

Implement object cloning semantics for postMessage. Currently only
a partial implementation of the spec -- cloning of File, FileList,
ImageData, and RegExp were left out as they would have significantly
increased patch size.

Cloning requires multiple tree walks so we use a templated tree
walk function, allowing us to share a single implementation for
serialization, deserialization, and eventual destruction of the
serialized object tree.

Fixes an issue where the Mac build does return the correct drop effect
with respect to the HTML 5 specification when effectAllowed == "none".

Currently, when effectAllowed == "none" and dropEffect == "copy" or
dropEffect == "move" the resulting drop effect is "copy" and "move",
respectively. However, the HTML 5 specification states that regardless
of the specified dropEffect, when effectAllowed == "none" the resulting
drop effect should be "none".

No new tests are associated with this because DumpRenderTree
always sets clipping on the painter, thus it would never hit
the test case, but fast/box-shadow/basic-shadows.html is a
good example of what happens if the clipping is not set by
the user of QtWebKit.

platform/graphics/qt/GraphicsContextQt.cpp:
(WebCore::GraphicsContext::clipOut):
(WebCore::GraphicsContext::clipOutEllipseInRect):
Fixed to handle the case that there is no clipping
before the call.

Replace the ReadContext with another appoach to
reading the image. Attempt to only read meta information
like the image size and number of frames (for animations)
first and then when the page is getting drawn decode
the image with the QImageReader.

This is a huge benefit on pages with many images and saves
~2GB of memory on the szeged image test page.

Use the RGBA32Buffer instead of the internal ImageData
to be able to use support of the base class, optionally
support WebCore decoders for Qt and most importantly
separate metadata and image data for better cache control.

Remove ImageSourceQt as everything is now shared with
the normal ImageSource.

Change the ownership of the NativeImagePtr/QPixmap in
ImageQt.cpp to delete the m_frame to be subject to cache
control.

The print preview dialog crashed because the depth of the drawable
changed owing to a bug in Qt - if you draw onto a 32-bit pixmap,
and set a 24-bit pixmap as source, it will convert the source to
32-bit.

The element gets resized when zoomed. So, we have to make sure that we resize
the drawable and do a setwindow call. Multiple calls to setwindow do not
crash plugin in windowless mode (unlike in windowed mode).

Flash does not use the visual provided by us to draw into the drawable.
It instead uses the system default visual (as returned by XDefaultVisual).
This means that if the screen default visual is 24-bit, Flash won't be
able to draw on 32-bit drawable created by us. This is a bug in Flash
and for the moment, the above quirk is only set for Flash.

Our strategy to create the drawable:

Create a 32-bit drawable if the default screen depth is 32 or the

quirk is not set (i.e not flash)

If we didn't create a 32-bit drawable (maybe the Display has no such

visual), we create a drawable with default screen depth.

As a result of the above changes, content propagation behavior changes as:

In Qt 4.5, a new function QPainter::fillRect(QRect, QColor) is
introduced to avoid the expensive construction of QBrush.
By casting WebCore::Color to QColor, we can compile on Qt 4.4
and use optimization for solid color fill in Qt 4.5.

Allow the platform media player to know the <video> poster URL.
Add MediaPlayerPrivate::prepareToPlay() to support media engines
that do not buffer video data automatically. This method allows
such media engines to start the buffering just before starting
playback.​https://bugs.webkit.org/show_bug.cgi?id=29133

All platforms that currently implement <video> return false
in MediaPlayerPrivate::canLoadPoster() and do nothing in
MediaPlayerPrivate::prepareToPlay() their behavior is
unchanged. The current set of media test should then be
sufficient to guarantee that this patch does not break anything.

html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::loadResource):
After the MediaPlayer is created, inform it what the poster URL is.
(WebCore::HTMLMediaElement::updatePlayState):
Add another case where prepareToPlay is called for the platforms
that do not buffer video content automatically.
(WebCore::HTMLMediaElement::couldPlayIfEnoughData)
Same as potentiallyPlaying, except that we don't check for
the readyState being at least HAVE_FUTURE_DATA.

platform/graphics/MediaPlayer.cpp:

(WebCore::NullMediaPlayerPrivate::canLoadPoster):
Empty implementation for the NullMediaPlayerPrivate.
(WebCore::NullMediaPlayerPrivate::setPoster):
Empty implementation for the NullMediaPlayerPrivate.
(WebCore::MediaPlayer::canLoadPoster):
Proxy to the m_private.
(WebCore::MediaPlayer::setPoster):
Proxy to m_private.

platform/graphics/MediaPlayer.h:

platform/graphics/MediaPlayerPrivate.h:

(WebCore::MediaPlayerPrivateInterface::canLoadPoster):
(WebCore::MediaPlayerPrivateInterface::setPoster):
Add new methods that allow the platform player to receive the poster URL.
(WebCore::MediaPlayerPrivateInterface::prepareToPlay):
Notifies the media engine that playback should start. The media engine
should start preparing (e.g. by initializing the player and starting to buffer)
and call back when the state is changed to HAVE_FUTURE_DATA.

Removed an unused function and assert improvement.
(WTF::CrossThreadRefCounted::isOwnedByCurrentThread): Moved out common code from asserts.
(WTF::CrossThreadRefCounted::ref): Changed assert to use the common method.
(WTF::CrossThreadRefCounted::deref): Changed assert to use the common method.
(WTF::CrossThreadRefCounted::crossThreadCopy): Since this includes a potentially
non-threadsafe operation, add an assert that the class is owned by the current thread.

WebCore:

All String::copy methods were changed to call either threadsafeCopy or crossThreadString. The method
call was made threadsafeCopy unless I could show that threadsafety wasn't needed.

(WebCore::SecurityOrigin::SecurityOrigin): Since this is used by SecurityOrigin::threadsafeCopy,
it makes threadsafe calls.
(WebCore::SecurityOrigin::threadsafeCopy): The only place that called this
needed a threadsafe method.

Removed StringImpl::substringCopy which was no longer being used anywhere.
(WebCore::StringImpl::threadsafeCopy): Changed the name to indicate that
it is threadsafe.
(WebCore::StringImpl::crossThreadString): The way to get strings for
another thread which is not threadsafe. This shares the underlying buffer
with both strings and gives them a way to do threadsafe refcounting for it.

(WebCore::SharedWorkerProxy::url): Do the copy of the url in a way that is threadsafe.
(WebCore::SharedWorkerProxy::name):
(WebCore::SharedWorkerProxy::SharedWorkerProxy):
(WebCore::DefaultSharedWorkerRepository::getProxy): Do the copy of the url in a way that is threadsafe.